Security Manager 6.5
Unable to specify syslog2 type custom provider for archival filtering
The workflow works differently for syslog type. In order to filter data for a syslog provider, you will need to do this at the provider level itself, and not the rule level. The advantage here is that the event will never enter the workflow, making the provider is much more efficient.
There is not an archival filter rule type for syslog
Formerly known as NETIQKB72432